Passwords and OTPs belong to the past. Financial institutions and forward-looking enterprises alike are looking for more seamless, yet secure ways to authenticate their employees and customers.
Giesecke+Devrient (G+D) presents three examples that can benefit from passwordless multi-factor authentication (MFA) while combating fraud and providing an enhanced user experience.
The IDC European Security Survey 2022 revealed that poor password hygiene is the greatest challenge in the area of identity and access controls in almost every second company (44%). Particularly worrying is the high level of password recycling, with no distinction between private passwords and those used to access an organization’s systems.
Passwords are the root cause of over 80% of data breaches, meaning a breach in private use could lead to a hack of the organization’s systems. In addition to security concerns about password-related fraud, there are often pragmatic or operational challenges, such as typing passwords in difficult environments or for workers in manufacturing or at industry sites. According to IDC, more than a third of organizations are struggling to balance robust security and a positive user experience.
The banking journey looks no different. Entering an ID and password to log in to any website or app is also no longer fit for purpose. According to the FIDO Alliance, 89% of web application breaches were caused by stolen or compromised passwords in 2021. Not only are passwords often the target of phishing attempts, but remembering multiple passwords for their online accounts is also a pain point for consumers.
As a result, consumers often reuse the same password, leaving all their accounts vulnerable in the event of a data breach. Multi-factor authentication methods, such as one-time passwords (OTP) and SMS, have been introduced to reduce the risks associated with passwords. However, there are several limitations for both customers and banks, such as a clunky user experience, susceptibility to phishing, lack of control, and hidden costs like dealing with fraudulent activity, which costs banks a lot of time, money, and resources.
“A lot of the regulations around authentication are fixated on solving a problem that’s fundamentally tied to the primary factor of authentication that we’ve had for 60 years, which is the password,” says Andrew Shikiar of the FIDO Alliance. “Passwords are the problem.”
Founded in 2013, the FIDO (Fast IDentity Online) Alliance is an association of leading technology, financial and industrial companies, including Apple, Google, Microsoft and Mastercard. Recognizing the growing importance of data protection, the alliance aims to reduce the reliance on passwords and to implement password-free login methods in the future.
It is critical that authentication solutions manage the complexity of back-end security while providing only a single, unified process for the end user. Optimizing MFA by combining biometrics (face, iris, fingerprint) and possession factors creates a passwordless mechanism. This enables financial institutions and forward-thinking enterprises alike to balance a seamless experience with robust security for employees and customers.
Using three practical examples, G+D shows how companies and financial institutions can benefit from implementing passwordless authentication solutions in their daily practice.
- Physical access. The identification of authorized employees should no longer depend solely on numeric entries or the use of easily stolen access cards at building entrances. Biometric methods, such as iris or fingerprint scanning, are the way forward. Typing in passwords is sometimes not the preferred option, especially in challenging environments such as manufacturing plants or heavy industries where staff wear protective clothing.
- Workplace authentication and secure communication. As hybrid working continues to rise, employees must authenticate across multiple devices, systems, applications, and physical locations to securely communicate and exchange data. Unified and passwordless authentication solutions that maximize user convenience while maintaining the right level of security are critical.
- Securing access to accounts and payments. Financial institutions have to comply with regulatory mandates that ensure that the payment ecosystem is protected down to the account holder level. The financial industry worldwide is experiencing a massive surge in fraud and scams. Passwordless MFA addresses both of these factors and balances them with customer-friendly processes. For instance, customers can easily confirm their identity by scanning their face or fingerprint during transactions, making authentication as easy as unlocking their phone.